The Problem

If you try this in Ubuntu 14.04, everything more-or-less looks and runs the same way. That said, when you try to connect to a PIA-point in the Network Manager, nothing happens. Your wifi radial doesn’t change, flash, or provide any indication that something has gone right or wrong. More importantly (to the lack of feedback, anyway), you are not asked for your PIA password (having put in your username in the install process). This lack of password requesting turns out to be the real kicker (and diagnostic for the fix presented down below).

If you look in /etc/NetworkManager/system-connections, you’ll see that all of the PIA files have been successfully installed.

The second commenter then walks through the install process as if the .ovpn config files didn’t exist (setting up from scratch, which can be laborious if you want to add all of the PIA points) but uses the contents of the openvpn.zip file downloaded by the question-asker.

The fix to the whole matter is partly in the questioner and second answer, but some additional work needs to be done. What’s described below is the process I used to figure out what was going on (showing all work), including using some alternatively-official .ovpn files (and the official ca.crt and crl.pem files provided by PIA).

The Diagnosing (What May Have Brought You Here)

With the failure to get any feedback from Network Manager (or the GUI) after the install, I went straight to the syslog to see if anything revealing appears (var/log/syslog). The error report for my VPN connection attempts reads as follows:

A google search for “Failed to request VPN secrets #2“ (I can’t stress enough the value of quotes in troubleshooting Linux issues) dragged me to several pages that didn’t directly address my Network Manager issue, but indicated that one should consider running OpenPVN from the Terminal anyway. Extracting openvpn.zip (downloaded from the PIA website) and cd’ing into that folder (I assume you’re in Downloads), the following commands:

cd Downloads
unzip openvpn.zip
openvpn US\ East.ovpn

Produces the following output – asking for username and password, but then failing to connect (and I include all the output below, assuming the error brought you here).

Works great (can verify at whatsmyipaddress.com or other). And it asks for your username (because the .ovpn files haven’t been configured yet from the script) and password, so we were already ahead of the game from the Network Manager GUI.

OpenVPN seems to work fine and the .ovpn files work, so the problem is somewhere in Network Manager or how it and OpenVPN are interacting (which I’ve not yet found the answer to). Now, you’re supposed to be asked for the password when you try to establish the VPN connection with Network Manager. To see if that was the only problem with the .ovpn files, I simply added my password to the US East.ovpn file as follows (in US /East.ovpn):

nano US /East.ovpn

And add the following somewhere in the file:

password=put-your-password-here

Then restart the Network Manager (and wait a few seconds)

sudo service network-manager restart

And that didn’t work. That said, there’s another password flag in the file (aptly names password_flags) to play with. A search for details lead me to a post at forums.kali.org that goes into some detail about Network Manager NOT strong the VPN password correctly because the user keyring isn’t root-accessible.

Changing password-flags from 1 to 0 and attempting to connect with Network Manager = success!

So, the problem is somewhere in the failed password negotiation between Network Manager and OpenVPN, and providing that info in the .ovpn files from openvpn.zip and a network-manager restart solves the problem.

The new format is so clean! It’s also the format you get if you go through the New Connection process through Network Manager. The formatting seems to be important for the fix I’m going to propose below, so I’m going to modify the newer format files below.

The Solution

The solution is, after many hours, stupid-simple – run the install_ubuntu.sh as described on the PIA website (which will also make you install a few extra programs if you don’t have them already- and it places ca.crt into your OpenVPN folder, which is then called by the VPN files), modify all of the PIA files in your /etc/NetworkManager/system-connections folder by putting your password into each (in the format as below), and restart network-manager from the Terminal. That, in theory, should be it. You’ll have to have root access to do this, though, as the file permissions are all (or should be) 600.

4. Edit all the PIA files. To each of the PIA files, all you have to do is add the following:

[vpn-secrets]
password=put-your-password-here

The [vpn-secrets] is important! I would have thought this to be a comment block for organizational purposes, but adding thr password line alone won’t cut it.

NOTE: If you’re trying to connect through the GUI and the VPN Connections DO NOT appear in the list – provided your password is in the file, your problem is very likely that the file permissions are wrong. If they’re not -rw——, then Network-Manager will not read them.

I do not know if/when the fix will come in between OpenVPN and Network Manager (or something else in Ubuntu) that will obviate the need for this workaround. In the meantime, the procedure above works just fine (works at all) on a clean install of 14.04.2 LTS. The problem seems to be with OpenVPN as it plays with 14.04, a recurring theme I’ve found from lots of people (or, perhaps more specifically, the use of the GUI to call OpenVPN). Given several reports of PIA/14.04, I’m surprised there isn’t more, perhaps specifically on the PIA website, to address this issue. Hopefully a proper fix from PIA, OpenVPN, or Ubuntu developers in en route.

CNYO has been anticipating our first observing session at Beaver Lake for this year, with the first of our two Spring dates (April 23rd) already clouded/snowed out. The forecast for April 30th hadn’t looked too much better based on Monday estimates, leaving us to wonder if attendees would be stuck indoors with a lecture instead of outdoors with the rest of the universe.

I woke up early on the 30th to blue skies and a very bright Sun, certainly already exceeding the expectations of the past few days. But what of the afternoon and evening?

As I am prone to do on the day of an observing session, I headed right for the CNYO Cheat Sheet, where one can find the sky conditions for a large part of Central New York in the form of several Clear Sky Charts (CSCs – and, based on the different cloud cover at different locations, even begin to piece together how the skies at your location may change). The morning’s CSCs are shown in the image below.

You will note that the bars to the far left (representing the morning) are not the dark blue squares that would indicate an almost cloud-less sky. As the red text at the bottom notes, sometimes the CSC images from a previous session are still sitting in your browser’s cache and, to make sure you’re looking at the newest data, you should hit Page Reload. Well, 5 or 10 of those didn’t change matters at all. I clicked on the Downtown Syracuse image in order to see what the actual CSC website said about today. An almost perfect band of dark blue – prime observing weather (when the wind is mild, that is).

So, what happened?

The first clue came when I right-clicked on one of the images in order to see just the image in my browser. When you do this, you should see something like: cleardarksky.com/c/SyrcsNYcs0.gif?1

A quick google search indicated that the i1.wp.com (which might also be i0.wp.com, i2.wp.com, maybe more) site is, in fact, an image (maybe other) repository for wordpress.com that is supposed to speed up your page downloading process (by being faster than the same image you might load somewhere else) and is called upon, specifically, by Photon – one of the functions built into Jetpack (itself a large suite of plugins for WordPress that very generally make my life much easier by providing Site Stats, Contact Forms, etc.). That said, this is no good for the Clear Sky Chart, as you don’t know how many days ago that i1.wp.com image was saved (and it clearly ain’t today’s!).

To disable this feature (if it was turned on, anyway), go to your WordPress Dashboard and click on Jetpack on the right-hand side.

At present, Photon is the first clickable item at upper left. Click on “Photon” to reveal the following image:

Click on Deactivate and go back to your Clear Sky Chart-containing page:

You’ll note that the Clear Sky Charts are fixed (revealing an excellent day for Solar and Night Observing) and you’ll also see that the NASA/SOHO image is different, the SWPC/NOAA image is different, and event the Wunderground logo is different. Quite the site fix!

If you have the same problem, I hope the above fixes it. If you know of a site running the Clear Sky Chart and it doesn’t reflect what you see outside, let the site admin know.

Two of these things are not like the other. The data’s nearly identical (and thank heavens. Unfortunately, Gaussian09 D.01 didn’t see the fully-optimized methane as belonging to the Td point group – despite all three versions being run with the same exact input file – but a rigorous re-symmetrization would have taken care of that), but there are some subtle formatting differences between all three versions (including differences between both Gaussian09 versions) that cause the venerable, all-encompassing aClimax program (developed by Timmy, the venerable, all-encompassing A. J. Ramirez-Cuesta) to throw out the following errors for all three cases when you use *.log files from a *nix (UNIX, Linux) machine.

Problem number 1 is the existence of *nix newlines (carriage returns) in the *.log files coming off a *nix machine. Performing a conversion from *nix to DOS (for myself, using LineBreak in OSX, but tofrodos works just as well), the Gaussian03 file now opens just fine in aClimax:

File Loaded: Data Loaded Succesfully [sic].

This, unfortunately, does not improve the matter with the Gaussian09 files, which produce the following error:

Error: One of the numbers you have entered is of the wrong type.Please recheck and try againError Loading File: Error reading data. Please check and try again.

Given how little of the .log file aClimax actually needs to produce simulated inelastic neutron scattering (INS) spectra, I ran the methane normal mode analyses in three different Gaussian versions to determine what, in G09, was changed to make it just un-G03 enough to fail to load. With those changes figured out, I had a Perl script drafted up that would have converted everything back to the original G03 format. It was awesome. That said, after a small amount of testing to see where aClimax’s sensitivities lay, I discovered that very little of the .log file contents needed to be changed out, meaning that simple sed scripts would work just as well for those of us using our Windows boxes (or VirtualBox emulations) only for that “one stupid program” that keeps us having to log in (and, by that, I mean that we have sed already on our computers).

So, the problems between G09 and aClimax not related to carriage returns lie in two places.

1. The spacing of “Atom AN” – at the top of the eigenvector lists are the column labels, beginning with “Atom AN” – or something very close to “Atom AN” (the “|” in the boxes below mark the left edge of the output):

G03 E01 | Atom AN
G09 A02 | Atom AN
G09 D01 | Atom AN

Yes, the addition of a space or two results in a read error by aClimax. I would call this an… aggressive stringency in aClimax. That said, what did the original space in G03 versions not do that they do do in G09?

2. The spacing of “Atom N” – In the “Thermochemistry” section below the eigenvectors, atomic masses are listed as “Atom N” – or something very close to “Atom N” (again, the “|” in the boxes below mark the left edge of the output):

G03 E01 | Atom 1
G09 A02 | Atom 1
G09 D01 | Atom 1

This change in spacing is also enough to cause aClimax to error out.

The Solution

A small sed script performs the necessary conversions on your *nix box (including OSX) for all .log files in a directory without issue:

The final problem halting your aClimax spectrum generation is the DOS carriage return (^M). For those running DOS-based Gaussian calculations (likely with a .out suffix), your conversion with the short script above (under *nix) likely (hopefully) worked just fine. For those running under *nix, you performed the conversion and still received the following aClimax error:

A2. I will assume that your problem is that you’re running the script in DOS to try to get your G09 to read more like G03. In this case (assuming you’re generating .out files), you’ll want to use a text editor to make the replacements described above (which is to say, that Perl script might makes it way to this page eventually. If you write a DOS .bat file or similar script for all OS’s, I’d be happy to link to it).

The snapshot below shows the state of swv as of 3 December 2014. On the bright side (minus a friendly conspiracy to get someone else in trouble), I can say with some certainty that Serwan performed the content-ectomy (twitter: @S3RW4N, current email (although I suspect it won’t last long): serwan_007 – at cymbal – hotmail.com, on the Facebook, etc. All sites subject to change as people try to track him/her down post-attack (he/she’s been prolific if nothing else)).

Exhibit A. Flag is waving in the actual version.

Several problems. To begin, it’s a gaudy hack, complete with rolling text and techno music. Second, the Television New Zealand (TVNZ) news service thought this hack to be significant enough to warrant actual coverage on their website when a similar file-swap on a WordPress (or WordPress-esque) site brought down the Health and Sports Fitness Club in Sandringham (syracuse.com didn’t give me the time of day). I commend this Kurdish hacker group for their ratings. Third, the manner in which files were replaced in the blog (specifically meaning the index.php file) blocked every other post on the site from being accessed, so every link anyone had posted to a page anywhere else on the Internets was made useless.

That said, I appreciate that Serwan generally performs fairly benign attacks on websites. File replacements were clearly identified from a simple date sorting, the important MySQL database content wasn’t touched, and Serwan even went as far as to set up a second Admin account so that I could quickly retake control of the site.

So, in light of the plight of the Kurdish people, I left the hacked version up for a few hours as I pondered what to do, which I discuss below.

My Spotty Procedure For Recovery:

What follows is a list of obvious and less obvious things to consider when recovering your WordPress blog from a hack. There are plenty of websites that show how to protect your site in the first place, then others that explain how to revive it (provided you do your own due diligence and back your site up regularly enough). What’s below is not complete, but you can rest assured that google is your friend in such matters, so keep your keywords targeted and see what comes up.

General Considerations:

1. Don’t use your blog. My last post at the time dated back to June 25th, during which time I’ve made several full backups (and kept WordPress up-to-date, the last time being 7 November 2013) of my entire site. In this respect, I was well set up to quickly recover from a hacking incident.

2. Keep a copy of your current running version of WordPress handy for file replacements. In my case, index.php was written over. All I had to do to recover was uncompress my WordPress 3.7.1 download, upload index.php to my server, and the site was back and running.

3. Have you backed up lately? This phrase has been in the .sig of my emails for many, many years. If your entire life is lived in the Googleverse (email, images, documents, etc.), then you’re fine until the Earth’s magnetic poles shift and wipe all the hard drives out (just kidding. I think). If you’re a computational scientist and have TBs of data, it’s up to you to make sure you have access to it all again. Same applies to WordPress. I’ve a biweekly alarm that tells me to back up several websites and I’ve an encrypted .txt file with all of the login info and steps needed to perform this backup. You should absolutely be doing the same if you’re not.

4. Set up an additional Administrator. In my case, my admin account was hacked to change the associated user email address to Serwan’s email. Obviously, attempting to log in, change the password, or what have you simply sent little pings of your futile attempts to the hacker. Having that second admin account will allow you to reroute your login efforts (and if they’re both hacked into, there’s still a way around. Will get to below).

5. Make a real password. At the risk of de-securing my sites by providing personal info, my typical password looks something like this:

d@!25fj014or&ydoSDfu

20 characters long, upper and lower, numbers, and non-alphanumeric characters. If you care about your site security, stay the hell away from the dictionary.

6. Dry-run your SHTF moment. Are you a survivalist? Can you identify edible berries by sight, build a lean-to, or stitch an open wound? Or are you the Marty Stouffer of the camping section at Target? If you’ve never had to work your way back from a complete disaster, you likely won’t know how to do it either quickly, efficiently, or securely.

Ergo, do another WordPress installation in a sub-folder of your main installation, create a new database, make your site pretty, perform a full backup of your database and uploaded media, then break it, either by deleting core files or corrupting your database (deleting a table would do the trick). If you can put the site back together again (the uploading of the database back onto your server likely being the worst part of the whole process), you’re likely in good shape for the real deal.

7. Harden WordPress. The good people at WordPress even tell you how to (although, admittedly, I thought I did all of this, so maybe there’s something being missed that will go into a future iteration of this page).

8. Get rid of “admin.” Several of the sites discussing WordPress hacks report that having this default account (or account default’ed) is a top-5 problem when trying to keep people out of your site. So get rid of it. Easily. Set up a new account, give it administrative privileges, then delete the admin account, which will ask you to attribute the current admin posts to another admin account.

9. Delete deactivated plugins if you’re not going to use them. Plugins are developed by people. People often have lives that keep them from timely updates of security exploits. If you’re using a plugin, that’s one thing. If a deactivated plugin languishes in your plugins folder, never gets updated, and some hacker writes something specifically to exploit a security flaw in that old, poorly maintained plugin, that’s all on you. So don’t risk your pocket knife being a projectile as you walk into the MRI room and get rid of the knife before it comes a problem.

10. I know nothing about it yet, but am giving Wordfence a whirl presently.

11. Hey, check your blog every once in a while to make sure it’s still you and not Serwan.

For The Specific Attack (From Easy To Harder):

1. FTP in and check file dates. The offending .php files (index.php and a hello.php containing the techno) were both dated 3 December 2013. Everything else was, at its newest, 7 November 2013 (from my last WordPress update). This made finding the hacked and previously not-present files easy. A cluster of important files with identically modification times and dates is an easy giveaway.

2. FTP in and check ALL the file dates. One never knows when something else is going to be placed into a themes folder, plugin folder, etc., to keep track of site access (that’s why I delete all deactivated plugins). So, sort by date and scour the whole site for modifications and new files.

3. If you make it into your site, go right to your User Settings, change the email address, then change your password.

4. Check out something like Sucuri SiteCheck. Hopefully, this search will complement your initial search as well as test against known threats. I ran a Sucuri on a similarly-hacked site (in this case, indoorstinkbugtrap.com) and received the following notification of defacement (so the check worked).

securi.net results for fellow victim indoorstinkbugtrap.com.

5. If you can’t make it in the front door, crawl through the plumbing. You can change your admin account from within MySQL using, for instance, phpMyAdmin (check your hosting provider for details if this is new information to you). In the case of phpMyAdmin, you can modify the admin account in six easy steps.

1. Log in to phpMyAdmin

2. Click on the Structure Button in wp_users (red circle)

3. Click on Browse (told you this was easy)

4. Click the edit button for your administrative account (red circle)

5. Change the email address back to your email and delete the current password.

6. Save and go back to our WordPress site, then request a new password.

And, While We’re At It:

Serwan’s twitter image currently features a white hat (the Gandalf-ian sign of a good guy/gal hacker) and a long list of sites that have been defaced with otherwise useless, feral medadata promoting Kurdish Hackers for google to get confused by. A search for somewhereville.com in google left the following bad taste in its results page for a week after:

Hacked By Serwan. Allah Is Greatest. Long Live Kurdistan. Thanks To All Kurdish Hackers. Follow @S3RW4N FB.com/Mr.S995

If I may be so bold (and I’ve told Serwan the same), the Kurdish people had a long history of getting steamrolled by an oppressive regime that, regretfully, first-world countries didn’t put enough into stopping or acknowledging until the tanks rolled South into Kuwait. If you’re gong to label yourself an ethical hacker, fine. Mangle the front-end of someone’s WordPress site. That said, you could be educating others on the Kurdish people by including a few links into your hack. I live in America, where certain news services use “Muslim” and “Islam” in headlines purely for shock value when they want to appeal to an audience so narrow-minded that their hearing is susceptible to the Casimir Effect. I recommend adding the wikipedia article on Kurdistan and the Al-Anfal Campaign to future hacks (and I’m sure Serwan could find more) to provide a little substance to your efforts unless, of course, your goal is just to be a stupid-ass script-kiddie hacker.

If you’re gonna hack, at least try to be productive. Meantime, this was a valuable lesson for myself on what to do to try to keep WordPress from falling into the same limbo during a time when I might not have had an hour to fix it.

You could spend your life on the first six pages of “Stick Control” and still not cover all the possibilities. Dynamics, accents, foot-hand, foot-foot, fast/slow, hands on top of foot patterns, feet on top of hand patterns, regroupings and accenting in 5-7-4 (regrouping of the 16 strokes per pattern), 7-5-4 (re-regrouping of the 16 strokes), yadda yadda. If you see the first six pages of Stick Control as just exercises, you miss the fantastic complexity YOU can introduce to constantly humble yourself while hovering over a practice pad.

As I look at the sets of exercises, I see what I assume most of us do – paradiddles, singles, doubles, multiple-hits of the same stick, some oddball patterns you start playing as written and then mess up without knowing, etc. The question I found myself asking was “What drove Stone to use this particular sequence?” I eventually turned that question around and decided to answer the question “What did Stone leave out?” The PDFs linked to this article are what I’ve affectionately come to call the “Stone Boulder,” providing EVERY sticking combination Stone included and every other combination he didn’t. Some intro to how and why is below, followed by a bit of explanation. I think the patterns themselves are self-explanatory.

While not the most cite-able examples in all of genomics, there have always been passing references to drumming “being in someone’s DNA.” As it happens, drumming and biology did overlap in general approach during the mid-80’s-to-early-90’s (or so) in the great heyday of linear drumming (go dig out your Murray Houllif and Gary Chaffee books). The idea is simple: no two drums/cymbals hit at the same time, producing an often staccato and generally (well, to my ears anyway) more melodic sound from the drums (and much easier to transcribe than some of the superhuman overlapping rhythms people are having fun playing today). Ignoring the complexities of 3.5 billions years of evolution, DNA works the same way as these linear patterns to convey a message. The four bases in your DNA, A (adenine), C (cytosine), G (guanine), and T (thymine), act as a code that is read like those old drum beats were played – one at a time with no doubling-up please. The identical three million base-long DNA sequences in each of your cells (see CSI) could be turned from seemingly random patterns of [A,C,G,T] into seemingly random patterns of [L,R,B,H] (that’s left hand, right hand, bass drum foot, hi-hat foot), then some experimental linear drumming composer could “play” your genome. Better still, if the transcriber was as good as your cellular machinery, the entire performance could be written down and reconverted into [A,C,G,T] format exactly so you could be cloned and double-drum with someone who rushes and slows down just as much as you do.

While most people think of a drum programmer as someone who generates patterns on a computer, I took the route of programming to generate patterns to drum. I most certainly did NOT put the pattern pages together by hand (I promise, no mistakes). A small script in the Perl programming language used to generate DNA sequences did all of the dirty work (including making sure all patterns only appear ONCE in each document). The math for figuring out the total number of left/right patterns is quite simple. The number of combinations of unique sticking patterns for a particular pattern length is 2^n, n being the number of beats. For a single beat, that’s 2^1, or just 2, that single hit being performed with either the left or right hand. For a four-stroke pattern, that’s 2^4 (2 * 2 * 2 * 2), or 16 total patterns. These are shown below out of academic interest (although I hope you could write them down from memory).

Now, consider the first six pattern pages of the Stone book. 16 beats per pattern. That’s 2^16, or 65536 total patterns. At 20 patterns per page, the complete Stone book of these first six pages would take up 3,277 pages. At 2 seconds per pattern, you could rip through all 3,277 pages in about 36 hours 30 minutes (about the perceived length of a society gig).

For you fellow jazzers out there looking for a more swingin’ set, I’ve also included the same sticking deal with a triplet-feel set (12 beats instead of 16, so you’ve only got 4096 patterns to contend with, meaning you could play through the whole set in about 2 hours 30 minutes).

4,096 patterns are bad enough. 65,536 is borderline something uncouth. On the one hand, that’s a lot of patterns either way. On the other, for the obsessive compulsive readers, these are IT. There are no other 12- or 16-stroke sticking combinations that have a stick hitting on each beat (that is, no rests). As Terry Bozzio has said in one form or another in his many clinics introducing his ostinato independence exercises “once you’ve played through the 16, you’ve played every 16th note pattern there is.”

And it could be worse! If you wanted every combination of left, right and rest, that’s 3^16, or 43,046,721 patterns. At 2 seconds per pattern, that’s 23,915 hours, or about 2 years and 8 months. I pondered doing the same thing for all 16-note linear drum patterns (L,R,B,F), which would produce 4^16, or 4,294,967,296 patterns. That’s 2,386,093 hours, or 272 years and 3 months (that’s approaching four reincarnations of “no life”).

Each full page has three columns of 40 patterns (120 per page), producing a document that’s only 547 pages long (but entirely green-friendly in PDF format). You will note that most of the pages look like the same stupid thing. This is because the mechanism of generation for the sequences involved making single changes at a single position and walking down the entire 16-stroke sets until all changes had been accounted for. I become bored to tears staying on a single page and generally scroll at random and point the stick at the screen to pick a pattern to play. Be as methodical or all-over-the-map as you will.

Is there a good reason for doing this? Not particularly. There are lots of patterns here that are a mechanical challenge for your arms, but many (many, many) of these patterns do not immediately lend themselves to the funk-ability of some of the Stone patterns (which tend to at least have groupings that, again, reflect rudiments or make you work one limb preferentially in a “usable” way). They are here mostly for completeness and, for when you want to confuse your limbs, picking a page or more at random and seeing how the patterns feel. As independence exercises teach us very early on, our brains are wired for preferential patterning (you hit the same foot as you would hand, you’re non-dominant hand sucks, your hi-hat foot is born useless, and other revelations). This document is simply another PDF you can lose on your machine somewhere or have in that hidden work folder that comes out and gets an intense few looks as you try to split your left and right hands apart more.

And, it should be obvious, the same applies for your feet.

Having fought through enough of the combinations, I began to notice something I’m sure all of us have encountered as we approach that hypnotic state of cruising through a pattern we “get.” Some patterns feel really good to play, but only after you’ve internalized them enough to “play something else,” like feeling an odd clave or taking the patterns with many doubles of one hand and ripping them into a bounce-driven frenzy (or, invariably, playing one pattern we love to play to find out it’s a pattern you heard and memorized in a more musical context on record). The one benefit I’ve found from having this PDF around is that I have all of the patterns in one place, which makes me think harder about the different ways to play the patterns (although that is only a fringe benefit). If you treat them like a journey and not just the first 5 minutes of your warm-up routine, I suspect you could spend your life on any one page and still not cover all of the bases.